启用了 ssl 的 spring mvc - 没有可用的会话属性
Posted
技术标签:
【中文标题】启用了 ssl 的 spring mvc - 没有可用的会话属性【英文标题】:spring mvc with ssl enabled - no session attribute available 【发布时间】:2015-03-03 15:28:59 【问题描述】:我的 Spring MVC 项目有问题。在我的本地机器上,我的项目在没有在 spring security 中配置 SSL 的情况下运行,并且表单提交工作正常。但是如果我启用 SSL 并将项目上传到我的服务器,我会在每个表单上提交以下异常:
org.springframework.web.HttpSessionRequiredException:预期会话 属性“xxxx” org.springframework.web.method.annotation.ModelFactory.initModel(ModelFactory.java:114) org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter.invokeHandleMethod(RequestMappingHandlerAdapter.java:758) org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter.handleInternal(RequestMappingHandlerAdapter.java:721) org.springframework.web.servlet.mvc.method.AbstractHandlerMethodAdapter.handle(AbstractHandlerMethodAdapter.java:83) org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:943) org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:877) org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:966) org.springframework.web.servlet.FrameworkServlet.doPost(FrameworkServlet.java:868) javax.servlet.http.HttpServlet.service(HttpServlet.java:646) org.springframework.web.servlet.FrameworkServlet.service(FrameworkServlet.java:842) javax.servlet.http.HttpServlet.service(HttpServlet.java:727) com.github.dandelion.core.web.DandelionFilter.doFilter(DandelionFilter.java:138) org.springframework.orm.jpa.support.OpenEntityManagerInViewFilter.doFilterInternal(OpenEntityManagerInViewFilter.java:177) org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) org.springframework.web.filter.HiddenHttpMethodFilter.doFilterInternal(HiddenHttpMethodFilter.java:77) org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) org.tukey.web.filters.urlrewrite.gzip.GzipFilter.doFilter(GzipFilter.java:85) org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330) org.springframework.security.web.access.intercept.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:118) org.springframework.security.web.access.intercept.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:84) org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:113) org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) org.springframework.security.web.session.SessionManagementFilter.doFilter(SessionManagementFilter.java:103) org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) org.springframework.security.web.authentication.AnonymousAuthenticationFilter.doFilter(AnonymousAuthenticationFilter.java:113) org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) org.springframework.security.web.authentication.rememberme.RememberMeAuthenticationFilter.doFilter(RememberMeAuthenticationFilter.java:146) org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:154) org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) org.springframework.security.web.savedrequest.RequestCacheAwareFilter.doFilter(RequestCacheAwareFilter.java:45) org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) org.springframework.security.web.session.ConcurrentSessionFilter.doFilter(ConcurrentSessionFilter.java:125) org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:199) org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:110) org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) org.springframework.security.web.csrf.CsrfFilter.doFilterInternal(CsrfFilter.java:105) org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) org.springframework.security.web.header.HeaderWriterFilter.doFilterInternal(HeaderWriterFilter.java:57) org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:87) org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java:50) org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) org.springframework.security.web.access.channel.ChannelProcessingFilter.doFilter(ChannelProcessingFilter.java:144) org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) de.eseven.bleckmannschulze.profiler.core.security.AjaxSessionTimeoutFilter.doFilter(AjaxSessionTimeoutFilter.java:38) org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:192) org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:160) org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:344) org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:261) org.tukey.web.filters.urlrewrite.RuleChain.handleRewrite(RuleChain.java:176) org.tukey.web.filters.urlrewrite.RuleChain.doRules(RuleChain.java:145) org.tukey.web.filters.urlrewrite.UrlRewriter.processRequest(UrlRewriter.java:92) org.tukey.web.filters.urlrewrite.UrlRewriteFilter.doFilter(UrlRewriteFilter.java:389) org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:88) org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
我不知道瓦特在这里出了什么问题。登录和正常获取请求有效,但如果我提交带有会话属性的表单,我会收到此异常。
如果能得到一些提示,我可以研究我的问题,那就太好了。
【问题讨论】:
该问题不太可能与 SSL 有关。您的服务器上的 Spring 版本不同? ***.com/questions/2757198/… 也有类似的问题 与我的本地测试机唯一不同的是,在我的在线服务器上,在 tomcat 之前有一个 apache,并通过 ajp 连接到 tomcat。 经过更多测试。 SSL 和 Apache 不感兴趣。没有配置 ssl 并直接访问 tomcat,我得到了同样的错误。所以我的本地机器和服务器之间没有区别。相同的应用程序战争文件。两个系统上相同的 java jre 和 tomcat 7。我不知道在哪里可以搜索问题 在我的本地机器上,会话属性没有问题,只有在服务器上 这个答案应该可以解决你的问题***.com/a/2757449/1594449 【参考方案1】:谢谢.. 我现在解决了我的问题.. 问题是,我使用自定义会话属性存储并使用 @EnableWebMvcSecurity 注释我的安全配置。
在我的本地机器上,我的自定义商店替换了 spring 安全商店。但在服务器上却是另一种方式。那里的弹簧安全商店取代了我的定制商店。我不知道它以不同的顺序声明的方式。现在我改为@EnableWebSecurity 一切正常!
【讨论】:
以上是关于启用了 ssl 的 spring mvc - 没有可用的会话属性的主要内容,如果未能解决你的问题,请参考以下文章
将 .crt 添加到 Spring Boot 以启用 SSL
在 ASP.NET MVC 5 应用程序中启用 SSL 会导致 OpenIdConnectProtocolValidator 问题
启用 ssl 和 Elastic Beanstalk 的 Spring Boot - 找不到文件